According to Apple, a “small number” of its employees computers were compromised due to a vulnerability in Java.
How Did It Happen?
It appears that this zero-day exploit is the same one that resulted in a number of Facebook employees having malware installed on their laptops as a result of visiting a mobile developer website that had been compromised: Apple says their employees were infected “through a website for software developers.”
Did The Hackers Steal Any Data?
According to Apple, no. “We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple.”
Okay, But If It Happened To Apple, It Can Happen To Me… Right?
Yes, if you have Java installed on your OS X machine. But Apple is saying that they will be “issuing software” to prevent the malware from infecting users. This probably means that they will be updating their anti-malware blacklist in OS X today to make sure that Mac users won’t be infected the same way they were. This will happen automatically in the background.
What Is Java?
How Do I Protect Myself From Future Zero-Day Java Exploits?
You should seriously consider uninstalling Java if you are concerned about falling prey to such exploits. In fact, you probably don’t even need Java on your machine.
Many of the malware hacks that happen these days occur because of vulnerabilities in Oracle’s software that haven’t yet been patched (called zero-day exploits); in fact, it’s for just this reason that Apple deprecated shipping their own versions of Java back in 2010. They simply couldn’t keep their own version of Java updated quickly enough to address exploits.
If you don’t need Java on your machine, it’s easy to uninstall. Here’s how to do it:
Note: To uninstall Java 7, you must have Administrator privileges.
- Click on the Finder icon located in your dock
- Click on Applications tab on the sidebar
- In the Search box enter JavaAppletPlugin.plugin
- This will find the JavaAppletPlugin.plugin file
- Right click on JavaAppletPlugin.plugin and select Move to Trash
You can also simply switch off Java in your browsers of choice. Check out our how-to guide for a step-by-step look at how to do that.